Infected with a spyware [Closed]

Robinwhood

Posted 30 November 2014 - 04:44 PM

Hello GTG, I'm new!
I came here because, as the title says, I've been infected.
I know that all I'm typing is recorded, because one of my accounts got hacked. I'm now protected. But the virus is still here.
Strange processes are running in the task manager (see log). Sometimes my mouse is moving on its own?..

I can't download MalwareBytes. It gets automatically deleted! I tried in safe mode, still the same!

ruggie_uk

Posted 01 December 2014 - 03:44 AM

Greetings Robinwhood and

My nickname is Ruggie and I will be assisting you in cleaning your computer. Please be aware I am currently in the final stages of training right now and all my work will be checked by an instructor, so there may be a slight delay between posts. The added benefit to this is that you will have 2 sets of eyes looking at your problem, so you can be assured you will get the best possible help.

Malware removal can be a long process and will at times get complicated with multiple steps to perform to ensure that your system is no longer infected.

When we start the process, the list of instructions must be followed closely. It may seem difficult at times, but it is important that you stay with me until your computer is declared clean.

If you are receiving help elsewhere, please let me know so we can close this thread and help someone else.

Before going any further, I recommend that you print out (or save to a file) these guidelines and also the instructions when I post them, as part of the repair process may involve going into safe mode and therefore you will not have internet access.

The following guidelines are important but the ones highlighted in RED are of the highest importance and must not be skipped.

Please be aware, the fixes we perform are specific to this machine, at this moment in time. They must not be used on another computer or unsupervised at another time. This can render your computer unbootable.

If at all possible, make backups of all your important files. Whilst we will do our best to ensure that no files are lost or damaged, sometimes things can go wrong.

I will do everything in my power to ensure that this clean is successful, but occasionally failure hits us all. In this event, please have your original installation disks to hand and be prepared to have to format and reinstall your computer.

Refrain from using any tool that hasn't been instructed as it could alter the process that we are working through and cause further problems. Also only use the tools I instruct in the manner provided as they are very powerful and if not used properly can cause even more problems. It is best if you can avoid using the computer at all, apart from to perform the cleaning steps to ensure that any infections aren't spread.

Please stick with me until the end. Malware removal is difficult and time consuming. We have to analyse hundreds of lines in log files. This takes time which we give freely, so I ask that you do us the courtesy of seeing it through.

Only paste the contents of log files into your reply, DO NOT attach any log files unless requested to do so.

If you have any questions or get stuck, stop and ask... I am here to help you make this go as smoothly as possible.

If you do not reply within 3 days, your topic will be closed. It can be reopened if you ask. But if you plan on being gone for a longer period, just let me know and I will hold it open for you.

Ready? Now let's get to work

Due to you using Windows 8, we are better using a different tool to scan.

Initial FRST Scan

Please download Farbar Recovery Scan Tool and save it to your Desktop. There will be 2 versions offered, if you know which version is the one you need, download that one, if not, download both, only one will work on your computer, that is the one you need.

Right click to run as administrator. >> Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

When the tool opens click Yes to the disclaimer.

Ensure that the following are ticked as in the image below

Drivers MD5
Shortcut.txt
Addition.txt

Press Scan button.

It will produce a log called FRST.txt in the same directory the tool is run from.

Please copy and paste log back here.

This will also generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

ruggie_uk

Posted 01 December 2014 - 09:59 AM

Hi there, let's get you sorted out, firstly:

P2P WARNING!

It appears that there is at least one Peer to Peer(P2P) program on your computer:

uTorrent

Whilst some P2P programs themselves may be harmless, we at GeeksToGo do not recommend their use due to the extremely high likelihood of obtaining an infection from files that have been downloaded. This may range from annoying adware to malicious trojans stealing your passwords and other personal information.

There is also the risk of inadvertently sharing information that wasn't intended due to incorrectly configured software.

It is highly likely that this is the source of the issue that brought you here today. And if not, probably what will bring you back at a later date.

Download the attached fixlist.txt and save it to your desktop <<< very important - it must be in the same location as FRST.exe/FRST64.exe

Right click and run as administrator. When the tool opens click Yes to the disclaimer.

Press the Fix button.

It will produce a log called fixlog.txt on your Desktop.

Please copy and paste the contents of that log back here.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Step 2

We need to uninstall some programs.

Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.

Select the following programs from the list below, one at a time and click Uninstall.

Hotspot Shield 3.37

The following are optional to uninstall but it is HIGHLY recommended that you do.

uTorrent

Step 3

Junkware Removal Tool
Please download Junkware Removal Tool to your desktop. << Important
Ensure that any security software is temporarily disabled for the duration of the scan. Don't forget to re-enable it afterwards.

Shut down your protection software now to avoid potential conflicts.

Run the tool by right-clicking and select "Run as Administrator".

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Post the contents of JRT.txt into your next message.

Step 4

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
You will see the following console:

Click the Scan button and wait for the scan to finish.

After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.

Click the Report button to get the log.

Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.

Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.